[Freeipa-users] Debian clients?
Johan Sunnerstig
Johan.Sunnerstig at auriga.se
Mon Sep 19 04:53:38 UTC 2011
Hi.
Thanks for all the feedback, I think I'll start with this route and see if I can get a more recent SSSD working.
And yes, I do all my documentation in Zim, and my boss is quite supportive of sharing the work I/we do, so if I do get this working in a nice manner I will certainly be more than happy to share the documentation.
As for contributing code, I'm more than a little rusty when it comes to coding Python(not that I was particularly good to begin with), but maybe if I get some spare time I could have a go at it. :)
Thanks again for all the feedback everyone.
Regards
Johan
________________________________
From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Dmitri Pal [dpal at redhat.com]
Sent: 16 September 2011 22:42
To: freeipa-users at redhat.com; Nalin Dahyabhai
Subject: Re: [Freeipa-users] Debian clients?
On 09/16/2011 11:19 AM, Johan Sunnerstig wrote:
Hello.
I'm wondering if anyone has used FreeIPA with Debian clients, and if so, what client software you opted to use?
Right now I have nss-pam-ldapd (http://arthurdejong.org/nss-pam-ldapd/) and the MIT-based krb software that's included in Debian 6 working decently. By that I mean I can use it to allow logins as expected, but so far I haven't worked out allowing or disallowing login based on group membership.
Obviously the best solution would be a "real" IPA client, but has anyone attempted this? I mucked around a bit with the SSSD included in the Debian repos(1.2.1) but didn't get it to work. Though in all fairness I didn't try THAT hard since it seems like SSSD has evolved quite a bit since 1.2.1.
Is the SSSD route worthwhile?
If you can get SSSD 1.5.x (latest) working that would be best avenue as it supports natively IPA host based access control features.
If you manage to do so we will help you to setup it manually. If you as a result of this would be able to share youer experience and create a wiki page with the steps need to do all this manually would be awesome.
An alternative would be to try and port ipa-client to Debian.
I really just need group based logins, sudo controls I can handle based on groups with Puppet, but again, if the real client route isn't too much work that's of course preferable.
If you want something simple there might be some options in the nss ldap but you need to dig it from man pages or from Nalin...
I hope this makes sense, late friday and I have a horrible headache, so if it doesn't I apologize in advance. :)
Regards
Johan
_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com<mailto:Freeipa-users at redhat.com>
https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/<http://www.redhat.com/carveoutcosts/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20110919/9baf7a53/attachment.htm>
More information about the Freeipa-users
mailing list